public key infrastructure – How to store other people's SSH keys safely?

It's not really a programming issue, but please hear me out. I am building a deployment tool, so that others can use my application to deploy their own applications on their own servers (just like forge.laravel.com).

Here are the use cases for this particular question:

  1. I have to store each of my users' public SSH keys, because I have to insert the key into each of the provisioned servers so that users can connect to their servers via SSH without any manual authorization.
  2. In addition, I must authorize my application's SSH key (that is, the public key of my servers) on the clients' servers so that I can execute commands on my users' servers on their behalf.
  3. I need to generate a new key on the newly provisioned client server and authorize it in the client's GitHub / GitLab so that when I push / pull on the server, I do not need to enter a user name or password.

Coming to the question: where and how should I store these keys (in a secure way)? Can I store them in a specific directory on my server? This makes me think that my server can be a big target for hackers, because if they are able to hack it, it opens the door to a multitude of servers.

What are the steps to make this configuration more secure?

Considering use case 2, does it make a difference if I generate separate keys for separate clients?
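
For use case 1, whatever the tool stores is later written verbatim into `authorized_keys` on many servers, so each submitted public key should be validated before it is stored. The following is an added example, not part of the original post: it parses a submitted key line, rejects injected options or extra lines, and returns the same SHA256 fingerprint format that `ssh-keygen -lf` prints. The allowed key types, the `user-<id>` comment and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import struct

# Key types this hypothetical tool accepts (an assumption, not from the post).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def _read_string(blob, offset):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def parse_public_key(line):
    """Validate a submitted key line; return (type, base64 body, fingerprint)."""
    line = line.strip()
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in line):
        raise ValueError("control character in key line")
    fields = line.split(" ", 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    # A line that starts with authorized_keys options (command="...", etc.)
    # fails here, because its first field is not a key type.
    if key_type not in ALLOWED_TYPES:
        raise ValueError("unsupported key type or leading options")
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    inner_type, _ = _read_string(blob, 0)
    if inner_type != key_type.encode("ascii"):
        raise ValueError("declared type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, b64, fingerprint


def authorized_keys_line(line, owner_id):
    """Line to install on a server; the user-supplied comment is dropped."""
    key_type, b64, _ = parse_public_key(line)
    return f"{key_type} {b64} user-{int(owner_id)}"


def sample_key_line():
    """Constructed sample: a well-formed ed25519 blob with dummy key bytes."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@laptop"
```

Storing the fingerprint next to the key gives a stable identifier for auditing which key was installed on which server and for removing it later.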

windows 10 – wake up monitor with ssh

After giving up for months, I would like to come back to an idea that seems incredibly simple. I want a script that wakes up my monitors after they have been put to sleep. I've tried almost every approach I can think of. Please, suggest something that saves me from adopting a dog that fetches a bone-shaped Bluetooth mouse and moves it in the process (yes, I'm desperate).

What I have done so far:

1) Installing OpenSSH on Win10 Remote Machine (works)

2) Get the Windows interactive session to have authority over the actual session:

FOR /F "usebackq tokens=4" %s IN (`tasklist /nh /fo table /fi "imagename eq explorer.exe"`) DO …

3a) Start one of the many programs that keep Windows awake. These do not work because they are never launched by psexec or powershell. Or at least, if they run, they do not show up and do nothing. That goes for any process that I'm trying to start.

3b) Use SendMessage as I do to send it to sleep:

psexec -accepteula -nobanner -d -i %%s -w "%windir%" powershell (Add-Type '[DllImport(\"user32.dll\")]^public static extern int SendMessage(int hWnd, int hMsg, int wParam, int lParam);' -Name a -Pas)::SendMessage(-1,0x0112,0xF170,-1)
If you pass 2 as the last parameter, it works perfectly to turn off the monitor. Passing anything else (for example, -1 for ON) does nothing.

3c) At this point, I tried simulating the mouse, etc.:

FOR /F "usebackq tokens=4" %%s IN (`tasklist /nh /fo table /fi "imagename eq explorer.exe"`) DO psexec -accepteula -nobanner -d -i %%s -w "%windir%" powershell (Add-Type '[DllImport(\"user32.dll\")]^public static extern void mouse_event(uint dwFlags, int dx, int dy, uint dwData, int dwExtraInfo);' -Name user32 -PassThru)::mouse_event(1,40,0,0,0)
Works when executed locally with elevated privileges. Pops up PowerShell briefly when used over SSH. Does not move the mouse.

3d) Using good old nircmd.exe monitor on, or similar monitor-on utilities. Same result as 3a)

Many linked threads have supposed solutions, but none of them works for me. The only difference I could see when running the script locally versus over ssh is that there is an output like

Powershell started with xxxxx process ID

Other than that, I have no way of telling what's going on. I put an echo 0 at the end of the scripts to check whether they have been run or not. That always gives me the 0. Does anyone have an idea of what I am missing? 3b) especially is strange to me because it works to send the monitor to sleep.

VEEROTECH SSH / FTP Storage from 2 CENTS PER GB | RAID10 | Duplicated specifications | Compatible with Jet Backup

VeeroTech Systems specializes in providing high quality shared web hosting, reseller and VPS solutions in Raleigh, North Carolina.
Read our Shopper Approved reviews: http://www.shopperapproved.com/reviews/veerotech.net/
Server hardware: Our VPS storage servers include dual E5 v3 processors, RAID10 storage, DDR4 memory, redundant network connections, and proprietary hardware that is fully maintained and built by us.

Storage based on cPanel SSH / FTP

50 GB $ 2.50 / month (billed annually at $ 30 / year)

  • 50 GB of RAID 10 storage
  • Redundant power A + B
  • Redundant network connectivity
  • cPanel Based Front End

View SSH / FTP storage

100 GB $ 5.95 / month

  • 100 GB of RAID 10 storage
  • Redundant power A + B
  • Redundant network connectivity
  • cPanel Based Front End

150 GB $ 8.95 / month

  • 150 GB of RAID 10 storage
  • Redundant power A + B
  • Redundant network connectivity
  • cPanel Based Front End

250 GB $ 12.95 / month

  • 250 GB of RAID 10 storage
  • Redundant power A + B
  • Redundant network connectivity
  • cPanel Based Front End

500 GB $ 24.95 / month

  • 500 GB of RAID 10 storage
  • Redundant power A + B
  • Redundant network connectivity
  • cPanel Based Front End

View SSH and FTP Storage Plans

Questions? Send us an email to info@veerotech.net or visit our contact page here: http://www.veerotech.net/contact/

How to import database data to a new host that is running a newer version of MySQL without ssh access?

My current host for an old website has only MySQL 5.0
(serverVersion = 10.2.12-MariaDB-log).

I want to move this website to a host with MySQL 5.5 or 5.6 or 5.7 (depending on the server I'm going to).

But the only instructions I can find for upgrading the database data from 5.0 to 5.6 / 5.7 are run from the command line, requiring ssh access that I do not have.
For example, these are the clearest and best instructions I've found, but I cannot use them because, as far as I know, I do not have ssh, and I do not quite understand the references he makes (for example, he says - no faults "for simplicity", but even if I had ssh, I do not know if I should also use this flag or others).

I usually use MySQL Workbench to connect to remote databases, but when I connect to this old host via MySQL Workbench, a message appears saying [Workbench] is not compatible with 5.0.
So, for this host, I either still used MySQL Workbench to make a backup (which probably means that the backup is not good), or I used the web tool of the host (this is not my preference, but it is obviously better).
I've also recently installed HeidiSQL, as it seems to be compatible with version 5.0 (so far it does not give me a warning / error message). So I started making backups and minor changes to the data on this host using HeidiSQL.

The only reason I've continued to use the host that runs MySQL 5.0 is that I have not yet found instructions on migrating data from websites on this server, whether through the online database tool of a hosting provider, MySQL Workbench or HeidiSQL!
All I see is intended to perform step-by-step data upgrades using the command line and / or to upgrade the database server itself.

I need a way to upgrade the data from 5.0 to 5.6 or 5.0 to 5.7, probably in one step, using a GUI database connection tool or some other independent method.
I will not have access to any MySQL server other than the one I'm migrating from (5.0) and the one I'm migrating to (5.5, 5.6 or 5.7).

Does anyone know how to do that?

EDIT:

  • I usually choose "Export" in the GUI and select all the tables when I do a database backup. I guess this is identical to the "database dump" that I see referenced everywhere.
    Is that correct? If not, how do I generate an appropriate dump file?
  • What export "settings" should I use when the goal is to upgrade and migrate?
  • I also see some references to the users table. Do I need to perform other exports to fully transfer and upgrade my database to a newer server with a newer version?

postgresql – stand-alone application – SQLite with SSH or forced Postgres server

I am developing an application that works with very sensitive data and need advice on the structure of the database.

Requirements are:

  • Minimal installation of third-party software [the software should reach non-technical users]
  • The data used must remain with the client to ensure confidentiality
  • The Web server is not allowed to save data longer than that of an open session in its cache

I have therefore thought of the following two scenarios:

Database structures

Example 1 is more complex and "hacks" around the local nature of SQLite.
But it does not require any software installation.

Example 2 forces the user to install PostgreSQL from the start on their device to initialize itself as a database, but is probably a more practical approach.

Which scenario is preferable from your point of view?
Is it possible to initialize a Postgres database as a file without forcing the client to install its software, while maintaining its broadcast server capacity?

command line – link via ssh server to ssh client

I can install and run an ssh server on my Android 6.0 phone (Banana ssh server) and run a ssh client on it (termius). How to invoke the client from the command line provided by the server? I type "ssh" and it is not a recognized command. I want to use the phone to connect to other servers.

My real IP address is first on Ubuntu, but the web project container on another (Loca). Now I need an SSH connection to my local server from an external IP address.

My real IP is on the first Ubuntu, but the web project container is on another (loca). Now I need an SSH connection to my local server from an external IP address.
Please help.
How can I access the files on the local server? I can only connect via SSH to the server with the real IP.

magento2 – Is it possible to install themes without SSH, simply by using FTP?

I have a vps, installed the Porto theme on Magento 2, I paid the support of the theme developers.

Whenever I encounter a problem installing themes or things like that, I contact the support.

They keep saying the same thing "Give me please FTP access and I will check that for you."

I say, "Are you sure you do not want to access SSH?"

They do not respond, they do not seem to need it and they do not seem to know much about Linux either. I asked them to give me their public key so that I could put it on the server; they did not answer and insisted on FTP access. Porto is the most popular and commented Magento theme of all time, and its support team is respected.

I'm wondering, what can you do with FTP access? You cannot install a theme, you must always run commands using ssh, and you cannot even check if the file permissions are correct.

If you only have FTP access, can you do something?

Shut down ESXi 6.7 with a script via SSH without going into maintenance mode

I'm trying to write a script that SSHes into ESXi 6.7 and shuts down the host, as well as the virtual machines, according to the system shutdown policy in effect.

I'm using a Dell ESXi 6.7 custom image in a Dell R710 with a dual Xeon X5650 and 144 GB RAM.

In fact, what I want is the same result I can get with:

Stop via graphical interface

Stop via console

I have ssh enabled on the server.

I have already tried:

1) host_shutdown.sh (it hangs there indefinitely)

2) /bin/host_shutdown.sh (it hangs there indefinitely)

3) stop (stops the server but does not shut down the VMs)

I have also tried:

esxcli system shutdown --reason I_want_IT

But the system must be in maintenance mode, and I want to do it without entering maintenance mode.

I then discovered this thread here in Server Fault, but it does not work on my server (I guess it only works on ESXi 5):

How can I stop the host via SSH on ESXi 5 in order to properly close the guests?

I think I'm too stupid to find out for myself how to do it, because I guess it has to be a simple thing to do.

git – SSH from github fails from jenkins user

I'm trying to SSH to github, but it fails with the following debug log:

jenkins@vps412690:/$ ssh -vvv git@github.com
OpenSSH_6.7p1 Debian-5+deb8u7, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to github.com [140.82.118.4] port 22.
debug1: Connection established.
debug1: identity file /var/lib/jenkins/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/jenkins/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u7
debug1: Remote protocol version 2.0, remote software version babeld-f3847d63
debug1: no match: babeld-f3847d63
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "github.com" from file "/var/lib/jenkins/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /var/lib/jenkins/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
debug2: kex_parse_kexinit: ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc
debug2: kex_parse_kexinit: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha2-256-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-sha2-256-etm@openssh.com none
debug2: mac_setup: setup hmac-sha2-256-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-sha2-256-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug3: load_hostkeys: loading entries for host "github.com" from file "/var/lib/jenkins/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /var/lib/jenkins/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "140.82.118.4" from file "/var/lib/jenkins/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /var/lib/jenkins/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found in /var/lib/jenkins/.ssh/known_hosts:1
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /var/lib/jenkins/.ssh/id_rsa (0x55fd4076bff0),
debug2: key: /var/lib/jenkins/.ssh/id_dsa ((nil)),
debug2: key: /var/lib/jenkins/.ssh/id_ecdsa ((nil)),
debug2: key: /var/lib/jenkins/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/jenkins/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug3: no such identity: /var/lib/jenkins/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ecdsa
debug3: no such identity: /var/lib/jenkins/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ed25519
debug3: no such identity: /var/lib/jenkins/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet
debug1: No more authentication methods to try.
Permission denied (publickey).
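
A way to read the authentication part of a trace like the one above, as an added example that is not part of the original post: a small parser that sorts each identity file into "missing locally", "rejected by server" or "accepted". The sample lines are constructed from the post's trace, and the status labels are this example's own.

```python
import re

# Constructed sample: the authentication portion of the trace in the post.
SAMPLE = """\
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/jenkins/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/lib/jenkins/.ssh/id_dsa
debug3: no such identity: /var/lib/jenkins/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ecdsa
debug3: no such identity: /var/lib/jenkins/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /var/lib/jenkins/.ssh/id_ed25519
debug3: no such identity: /var/lib/jenkins/.ssh/id_ed25519: No such file or directory
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

OFFER = re.compile(r"debug1: Offering (?:\S+ )?public key: (\S+)")
TRYING = re.compile(r"debug1: Trying private key: (\S+)")
MISSING = re.compile(r"debug3: no such identity: (\S+?):")
ACCEPT = "debug1: Server accepts key"
CONTINUE = "debug1: Authentications that can continue:"


def classify_identities(trace):
    """Map each identity file named in an ssh -v trace to its outcome."""
    result = {}
    pending = None  # identity most recently offered, awaiting the server's answer
    for raw in trace.splitlines():
        line = raw.strip()
        started = OFFER.match(line) or TRYING.match(line)
        missing = MISSING.match(line)
        if started:
            pending = started.group(1)
            result[pending] = "no reply seen"
        elif missing:
            # The client never had this key, so nothing was sent for it.
            result[missing.group(1)] = "missing locally"
            pending = None
        elif line.startswith(ACCEPT) and pending:
            result[pending] = "accepted"
            pending = None
        elif line.startswith(CONTINUE) and pending:
            # The server answered an offered key by asking for more auth.
            result[pending] = "rejected by server"
            pending = None
    return result
```

On the post's trace this reports `id_rsa` as offered and rejected by the server, and the other three identity files as missing locally.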